Author Topic: Poebot.gen, Poebot.dam, gaobot all detected  (Read 1854 times)

Offline redcrowley

  • Newbie
  • *
  • Posts: 31
  • Karma: +0/-0
    • View Profile
    • http://
Poebot.gen, Poebot.dam, gaobot all detected
« Reply #20 on: November 03, 2006, 11:39:22 PM »
So far, the computer is running the same.  Last night my scan was ended with a shutdown.
Thanks for your help.

New HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 11:24:29 PM, on 11/3/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\System32\RunDLL32.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Universal Shield 4.1\US30Service.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\HJT\Scanner.exe.exe
C:\WINDOWS\System32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\4144\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: CPub Object - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\PROGRA~1\mcafee\mps\mcpopup.dll
O2 - BHO: Toolbar Helper - {D44BBB61-E17F-4AE6-A502-8D7E0B29E616} - C:\WINDOWS\System32\s1940.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Stumble&Upon - {22D003CE-6952-46C5-80B9-D19B479620AB} - C:\WINDOWS\System32\s1940.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\4144\SiteAdv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Documents and Settings\Russ\Desktop\framxpro\FreeRAM XP Pro 1.40.exe" -win
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Startup: Neverwinter Nights Registration.lnk = C:\NeverwinterNights\NWN\ereg\ATR1.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: StumbleUpon: &Blog This - res://C:\WINDOWS\System32\s1940.dll/blogimage
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O15 - Trusted Zone: *.stumbleupon.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.1.74.cab
O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} (DownloadManager Control) - http://download.akamaitools.com.edgesuite....loadManager.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1104460389187
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/web_...inematycoon.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\4144\SiteAdv.dll
O23 - Service: ASP.NET Admin Service (aspnet_admin) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe (file missing)
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: US30Service - Unknown owner - C:\Program Files\Universal Shield 4.1\US30Service.exe
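The HijackThis log above is a flat list of registry and file entries (R0/R1, O2, O4, O23 and so on) that a helper reads by hand, looking for the handful of lines that deserve a second look. As an added example, not part of this thread and not HijackThis's own code, here is a small Python triage script that parses such lines and flags the entries a helper usually checks first: services with no owner string, registrations whose target file is missing, BHOs registered without a name, Run entries launched from a user-profile path, and Trusted Zone additions. The heuristics are the editor's own choices; the sample input is a handful of lines copied from the log above, and a flag means "look closer", not "malicious".

```python
"""Triage helper for HijackThis (HJT) v1.99-style log lines.

Added example for this thread; not part of the original post or of
HijackThis. The heuristics below are the editor's own triage cues.
"""
import re
from dataclasses import dataclass, field

# Sample input: lines copied from the HJT log posted above (constructed
# subset so the script runs offline). Lines that are not R/F/O entries,
# such as "Running processes:", are ignored by the parser.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\4144\SiteAdv.dll
O2 - BHO: Toolbar Helper - {D44BBB61-E17F-4AE6-A502-8D7E0B29E616} - C:\WINDOWS\System32\s1940.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Documents and Settings\Russ\Desktop\framxpro\FreeRAM XP Pro 1.40.exe" -win
O15 - Trusted Zone: *.stumbleupon.com
O23 - Service: ASP.NET Admin Service (aspnet_admin) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# Every HJT entry looks like "<kind> - <body>", e.g. "O23 - Service: ...".
ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.+)$")

# Path fragments that indicate an autorun living inside a user profile rather
# than under Program Files or the Windows directory (lower-cased for matching).
USER_PROFILE_MARKERS = (
    "\\documents and settings\\",
    "\\desktop\\",
    "\\temp\\",
    "\\application data\\",
)


@dataclass
class Entry:
    kind: str
    body: str
    flags: list = field(default_factory=list)


def parse_hjt(text):
    """Return the R/F/O entries found in an HJT log as Entry objects."""
    entries = []
    for raw in text.strip().splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group("kind"), m.group("body")))
    return entries


def triage(entry):
    """Attach triage flags to one entry and return them (possibly empty)."""
    body_l = entry.body.lower()
    if "(file missing)" in body_l:
        entry.flags.append("target file missing (dead registration; clean up or re-check)")
    if entry.kind == "O23" and " - unknown owner - " in body_l:
        entry.flags.append("service with no vendor/owner string")
    if entry.kind == "O2" and body_l.startswith("bho: (no name)"):
        entry.flags.append("BHO registered without a display name")
    if entry.kind == "O4" and any(mk in body_l for mk in USER_PROFILE_MARKERS):
        entry.flags.append("autorun launched from a user-profile path")
    if entry.kind == "O15":
        entry.flags.append("domain added to IE Trusted Zone (lowered security settings)")
    return entry.flags


def triage_log(text):
    """Parse and triage a whole log; returns all entries with flags filled in."""
    entries = parse_hjt(text)
    for e in entries:
        triage(e)
    return entries


def flagged(text):
    """Map entry body -> list of flags, for entries that got at least one flag."""
    return {e.body: e.flags for e in triage_log(text) if e.flags}


def print_report(text):
    """Human-readable listing: '!!' marks entries with at least one flag."""
    for e in triage_log(text):
        marker = "!!" if e.flags else "  "
        print(f"{marker} {e.kind} - {e.body}")
        for f in e.flags:
            print(f"      -> {f}")


if __name__ == "__main__":
    print_report(SAMPLE_LOG)
```

Run as a script it prints every entry with flagged ones marked; `flagged()` returns the same information as a dict so it can be fed into other tooling. The checks are deliberately conservative: a service with "Unknown owner" or a BHO with "(no name)" is often a legitimate product with a missing version resource, which is exactly why the output is a review list and not a removal list.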

Offline redcrowley
« Reply #21 on: November 03, 2006, 11:41:04 PM »
And here are the scan results:

Service load: 0%     100%
File: imii.bat
Status: OK (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: a54f42301e342c0e3f5e35bc3aaa4bed
Packers detected: -

Scanner results:
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
Fortinet: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing

Offline redcrowley
« Reply #22 on: November 03, 2006, 11:42:12 PM »
Sorry about the formatting there.  I copied and pasted from the website.

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Poebot.gen, Poebot.dam, gaobot all detected
« Reply #23 on: November 04, 2006, 12:51:57 AM »
Could the computer be shutting down from overheating?
It's only been shutting down since the installation of McAfee's?

You can try uninstalling all of McAfee's and see if you still have shut down issues
Make sure to reboot the computer after all removal
Reinstall the free version of Avira and run a scan
« Last Edit: November 04, 2006, 12:52:33 AM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline redcrowley
« Reply #24 on: November 04, 2006, 11:35:45 AM »
I'll try that after I shut down my firewall and see if I am still shutting down randomly.  At the beginning of this thread I informed you of my random shutdowns when the firewall is not on.  Those were caused by a remote procedure call, which I believe is an effect of Poebot (I may be wrong there).  I'll let you know how it goes.

Offline redcrowley
« Reply #25 on: November 04, 2006, 11:43:30 AM »
ok, almost as soon as I shut down my firewall, these messages started popping up.  These usually precede the RPC shutting me down.

McAfee has automatically blocked a buffer overflow.

Details

Detection:

File: C:\WINDOWS\system32\svchost.exe

More Info

Buffer overflows occur when suspect programs or processes try to store more data in a buffer (temporary data storage area) on your computer than its limit, corrupting or overwriting valid data in adjacent buffers.

If you do not recognize this activity, McAfee recommends that you continue to block it. If you recognize this activity, trust it in the future.


Offline guestolo
« Reply #26 on: November 04, 2006, 11:47:42 AM »
Computer shuts down when I disable firewall
Ah yes, you did say that
Can you do the following for me please

Download Stinger from McAfee's
Save it to desktop
Double click on Stinger.exe
  • If necessary, click the Add or Browse button to add additional drives/directories to scan. By default the C: drive will be scanned.
  • Click the Scan Now button to begin scanning the specified drives/directories.

When the scan is done
Click the File menu and select Save report to file
Save the report to your desktop

Reboot the computer

Post back that report please

Offline redcrowley
« Reply #27 on: November 04, 2006, 11:50:53 AM »
Running that scan now.  And thanks again for your help.

As an aside, I have been reading your thread with napster, and I can't believe you kept trying to help him.  The man was an utter jerk.  Kudos to you.

Offline redcrowley
« Reply #28 on: November 04, 2006, 12:16:15 PM »
Stinger is searching my C drive (the only partition/drive I have), but it will take a while due to the fact that it's 3/4 full of data.  I will be heading to work soon, so if it doesn't complete by then, I'll post the results around 11 pm EST.

Offline redcrowley
« Reply #29 on: November 05, 2006, 11:06:46 AM »
I have tried 2 times to complete a run of Stinger.  It seems to be shutting me down the same as when a McAfee scan runs.  But I have not been at the computer for either shutdown, so I am currently running Stinger while I have time to watch and see exactly what happens.

Also worth noting:

When McAfee (or Stinger) shuts me down, it leaves the computer running, but the monitor is no longer able to get a signal.  I am assuming it shuts down Windows entirely, and this is why.  Also, after this happens, I cannot turn off the PC from the power button.  I actually have to unplug it.  Just thought that tidbit may be pertinent.

I'll let you know how this stinger scan goes when it completes.

Offline redcrowley
« Reply #30 on: November 05, 2006, 12:17:03 PM »
ok, so Stinger is not completing, and it is causing a shutdown.  It hung up on a file in the Microsoft MSDN Library folder, then shut off.  I was unable to get the entire filename as it was long, and the time between Stinger freezing up and the comp stopping working was short.  I can tell you the filename ended in letters and numbers.  I believe the last 2 were AX.  Tried to write it down, but could not get it.

I am not sure if the file where it stopped working is pertinent, but I figured any info would help.

Offline guestolo
« Reply #31 on: November 05, 2006, 12:52:52 PM »
Are you able to run Stinger in safe mode>>WITHOUT networking?

Offline redcrowley
« Reply #32 on: November 05, 2006, 11:21:07 PM »
I ran Stinger in safe mode with no networking.  It still hung up on the same file, but did not shut me down.  This at least gave me plenty of time to see the file and path it hung up on.  And here it is:

C:\Program Files\Microsoft Visual Studio 8\Microsoft MSDN Express Library\FL_cpref_hxs_99151_ENU___.3643236F_FC70_11D3_A536_0090278A1

Don't know if it helps at all, but that's what I have figured out.

Offline redcrowley
« Reply #33 on: November 06, 2006, 12:20:27 AM »
UPDATE:

I have deleted Microsoft Visual Studio 8 and its folders from my drive.  I have uninstalled the MSDN library.  All can be reinstalled later.  I just figured it may help the scan complete.  At the moment, I am running the gaobot fix tool from Symantec to see if it will clear one of my detected viruses (i.e. gaobot and poebot), then I am going to attempt to run Stinger again, unless you say otherwise.

Offline guestolo
« Reply #34 on: November 06, 2006, 12:22:56 AM »
I was going to suggest something along those lines
I was going to ask you to exclude that folder from a McAfee antivirus scan
But your method should work

There definitely seems to be a conflict with the beta version of Microsoft MSDN Express Library 2005 Beta
and McAfee's

See if you can run both via safe mode

Offline redcrowley
« Reply #35 on: November 06, 2006, 12:27:50 AM »
ok, the gaobot fix tool from Symantec found no detections (not run in safe mode).  Now I am running Stinger (also not in safe mode).  Then I will rinse and repeat in safe mode for both.

Offline guestolo
« Reply #36 on: November 06, 2006, 12:31:45 AM »
Make sure McAfee is up to date
Its virus scan should be good enough to run in safe mode
But to be on the safe side, run Stinger also

Offline redcrowley
« Reply #37 on: November 06, 2006, 04:48:15 PM »
Neither the Symantec Gaobot tool, nor Stinger located anything when run in normal or safe mode.  McAfee does not run in safe mode, so I am starting a scan right now in normal mode to see if it completes.  I will post any details when it finishes.

Offline redcrowley
« Reply #38 on: November 06, 2006, 06:31:04 PM »
I ran McAfee unimpeded in normal mode and found nothing, which is weird since nothing has stated it removed the original viruses.  So I took down my firewall to test, and BANG, I start getting buffer overflows caused by the svchost again.  I am stumped.

Offline guestolo
« Reply #39 on: November 06, 2006, 07:37:05 PM »
Ok, let's see what can be done about this
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Service pack 2 has been out for quite some time
It includes needed security patches
You should consider updating

NOTE: Without patching your machine, quit disabling your firewall or you're asking for trouble

Before updating
Let's try a different virus scanner

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Doubleclick the drweb-cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the "Scan"-tab, remove the mark at "Heuristic analysis".
  • Back at the main window, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click next icon next to the files found:
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:

    This will move it to the %userprofile%\DoctorWeb quarantine folder if it can't be cured. (This is in case we need samples.)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.
And as a double check, this scanner won't take too long
Download and save to desktop
F-Secure BlackLight (blbeta.exe)

    Double click to run blbeta.exe
    * Accept the user agreement.
    * Click Scan.
    * After the scan finishes, click on Next, then Exit.
Do not rename any files if found by blacklight, I need to see the log

BlackLight will create a log on your desktop with the name "fsbl-xxxxxxx.log".
